Mike Perry transcribed 3.6K bytes: > I think the next step here is to try to gather a list of cloudflare > customers we suspect to be Tor friendly, and have them politely request > that their Tor users not be discriminated in this way, and failing that, > publicly leave Cloudflare for a competing ISP. I think pushback > from actual CloudFlare customers will carry far more weight here than > pushback from the Tor Project or the EFF. It also makes zero sense for > CloudFlare to serve Tor users captchas at all if their customers are the > ones paying the hosting bills and are happy to serve Tor users. +1 However, I don't know of a competitor to Cloudflare who privides free (as in beer) (D)DoS-protection via reverse webproxies, not to mention all the other bells and whistles which Cloudflare offers. It'll be hard to make the argument to switch for user-privacy reasons, given the seeming lack of marketed alternatives. Can anyone recommend a comparable alternative to Cloudflare? > For my part, I've noticed that nearly all of the Bitcoin web > infrastructure is hosted on Cloudflare. Surely some of those people > might be willing to speak up for us. > I have considered starting an outreach effort to speak to the maintainers of some of these sites, with the idea that I might gather sympathy from certain communities who use Cloudflare. For example, as you mentioned, the Bitcoin community, which I have personally noticed while having discussions with some of the core bitcoin developers, who pointed me to various bits of Bitcoin documentation... which I was frustratingly unable to access due to an infinite CAPTCHA loop from Cloudflare. The core Bitcoin developers, from my experience, are all extremely well-informed about Tor and related privacy and security issues. I would guess that they are likely using Cloudflare primarily as a mechanism to decrease the attack surface of their sites, and probably are already aware (or would be upset to learn) that Cloudflare sometimes prevents Tor users from accessing the content entirely. > Has anyone else noticed Cloudflare captchas on sites that they would > otherwise expect to be run by Tor-friendly entities? > Here's the beginnings of your list. Others should feel free to amend. Possibly-Tor-sympathetic sites which use Cloudflare: ---------------------------------------------------- * [The Bitcoin Wiki](https://en.bitcoin.it) * [Open Tech Fund](https://www.opentechfund.org/) -- ââ isis agora lovecruft _________________________________________________________ GPG: 4096R/A3ADB67A2CDB8B35 Current Keys: https://blog.patternsinthevoid.net/isis.txt
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk